<?php 
/* ================================================================================
 * LWAdmin	 
 *
 * roles.php: This is the roles file for Living Web.
 *
 * Author: Eric Hendrickson (enhendrickson@liberty.edu)
 * Date: 2/18/05
   ================================================================================ */
	
	global $SSO, $Security, $AppID, $User, $DB;

	// Session gate: the SSO layer is asked to validate the current session, with the
	// login page passed as the fallback target (presumably where it redirects on
	// failure -- confirm against the SSO class). The returned array is read below
	// for the authenticated username.
	$SessionInfo = $SSO->isValidSession("index.php?action=login", $SSO->getSessionInformation());	
	
	// Authorisation gate: only holders of ADMIN or USERADMIN on this application may
	// reach the rest of the page.
	// NOTE(review): the trailing literal 1 is an opaque flag to ValidateUser; its
	// meaning (deny/redirect on failure?) is not visible here -- verify before relying on it.
	$PageRights = array('ADMIN','USERADMIN');
	$Security->ValidateUser($SessionInfo['username'], $AppID, $PageRights, 1);
		
	// Profile of the logged-in user. Nothing further down this file reads it, so it is
	// presumably consumed by the page that includes this file.
	$UserInfo = $User->GetUserInfo($SessionInfo['username']);
?>

<table cellpadding="0" cellspacing="0" width="100%" border="0">
	<tr>
		<td><br><br>
			<?php
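				global $DB;

				// Dispatch on the sub-action. A local copy is used instead of writing a
				// default back into $_GET, so the superglobal is left as the request sent it.
				$subAction = isset($_GET['a']) ? $_GET['a'] : '';

				switch($subAction)
				{
					case 'change_role':
					{
						// btnLeft grants the role picked in the "available" list to the user;
						// btnRight revokes the role picked in the "assigned" list.
						//
						// NOTE(review): Username, AppID and the selected RoleID are request
						// values interpolated straight into SQL. The $DB wrapper's escaping /
						// prepared-statement API is not visible from this file; both queries
						// below must go through it before this code ships.
						// NOTE(review): the form carries no CSRF token -- confirm the SSO layer
						// supplies one, otherwise a forged POST can change a user's access.
						if(isset($_POST['btnLeft']) && isset($_POST['NotAssignedRoles']) && isset($_GET['Username']) && isset($_GET['AppID']))
						{
							$DB->query("INSERT INTO access (Username,AppID,RoleID) VALUES ('" . $_GET['Username'] . "','" . $_GET['AppID'] . "','" . $_POST['NotAssignedRoles'] . "')");
						}
						if(isset($_POST['btnRight']) && isset($_POST['AssignedRoles']) && isset($_GET['Username']) && isset($_GET['AppID']))
						{
							$DB->query("DELETE FROM access WHERE username='" . $_GET['Username'] . "' AND AppID='" . $_GET['AppID'] . "'  AND RoleID = '" . $_POST['AssignedRoles'] . "'" );
						}

						// Post/Redirect/Get back to the edit screen. urlencode keeps user-supplied
						// values from corrupting the query string, and exit() stops the page from
						// also rendering (the original had no break and fell through to 'choose_app').
						$backUsername = isset($_GET['Username']) ? $_GET['Username'] : '';
						$backAppId = isset($_GET['AppID']) ? $_GET['AppID'] : '';
						header("Location:index.php?action=users_access&a=choose_app&username=" . urlencode($backUsername) . "&id=" . urlencode($backAppId));
						exit();
					}
					case 'choose_app':
					{
						// Both the target user and the application are required. Each redirect is
						// followed by exit() so it is actually honoured and EditAccess is never
						// reached with a missing parameter (the original exited *before* the
						// first header() call, so that redirect was never sent).
						if(!isset($_GET['username']))
						{
							header("Location:index.php?action=users");
							exit();
						}
						if(!isset($_GET['id']))
						{
							header("Location:index.php?action=users_access");
							exit();
						}

						EditAccess($_GET['id'],$_GET['username']);
						break;
					}
					default:
					{
						// Entry from the user list: selUsers names the user whose access is edited.
						if(!isset($_POST['selUsers']))
						{
							header("Location:index.php?action=users");
							exit();
						}

						print '<form action="index.php?action=roles" method="post" name="frmAccess">';

						ChooseApp();

						print '</form>';
						break;
					}
				}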
				?>	
		</td>
	</tr>
</table>

<?php 
	
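	/**
	 * Print the "Choose Application" list for the user selected on the user list.
	 *
	 * Reads $_POST['selUsers'] (the target username) and every row of `apps` via the
	 * global $DB wrapper; each application becomes a link to the choose_app sub-action
	 * carrying its AppID and the username. Output is written with print. The enclosing
	 * <form> is opened and closed by the caller, so none is emitted here (the original
	 * printed a second, stray </form>).
	 */
	function ChooseApp()
	{
		global $DB;

		// Username from the posted selection; a missing value yields an empty link
		// parameter instead of an undefined-index notice.
		$selectedUser = isset($_POST['selUsers']) ? $_POST['selUsers'] : '';

		// Escape once per output context: URL parameter inside an HTML attribute.
		// NOTE(review): assumes a UTF-8 page encoding -- confirm against the site charset.
		$userParam = htmlspecialchars(rawurlencode($selectedUser), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

		$Apps = '<table cellpadding="0" cellspacing="0" align="center" border="0">
		<tr><td>&nbsp;</td></tr>
		<tr><td><span class="TB1" style="color:#555555;">Choose Application</span></td></tr>';

		$DB->query("SELECT * FROM apps ORDER BY AppName");
		while($row = $DB->fetch_row())
		{
			// AppID goes into a URL, AppName into element text: escape each for its context.
			$idParam = htmlspecialchars(rawurlencode($row['AppID']), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
			$appName = htmlspecialchars($row['AppName'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
			$Apps .= '<tr><td>&nbsp;&nbsp;&raquo;&nbsp;<a href="index.php?action=users_access&amp;a=choose_app&amp;id=' . $idParam . '&amp;username=' . $userParam . '" class="L1">' . $appName . '</a>&nbsp;&nbsp;&nbsp;</td></tr>';
		}

		$Apps .= '<tr><td>&nbsp;</td></tr></table>';

		print '
			<table cellpadding="0" cellspacing="0" align="center" border="0" width="100%">
				<tr>
					<td>'
					. $Apps .
					'</td>
				</tr>
			</table>';
	}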
	
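	/**
	 * Print the role-assignment screen for one user on one application.
	 *
	 * @param string $appid    AppID of the application being edited (from the query string).
	 * @param string $username User whose access is being edited (from the query string).
	 *
	 * Looks the application up in `apps` through the global $DB wrapper; if it does not
	 * exist the browser is redirected to the users_access page and the script stops.
	 * Otherwise prints a <form> posting to the change_role sub-action, with the
	 * assigned / available role lists produced by GenerateAssignedRoles and
	 * GenerateNotAssignedRoles (each of which returns a complete <select>).
	 */
	function EditAccess($appid,$username)
	{
		global $DB;

		// NOTE(review): $appid arrives from $_GET and is interpolated into SQL unescaped;
		// the $DB wrapper's escaping / prepared-statement API is not visible from this
		// file and must be used here before this ships.
		$DB->query("SELECT AppName FROM apps WHERE AppID = '" . $appid. "'");
		if(!($row = $DB->fetch_row()))
		{
			// Unknown application: redirect and stop, instead of rendering against a false row.
			header("Location:index.php?action=users_access");
			exit();
		}

		// Escape for each output context: URL parameter inside an HTML attribute, and text.
		// NOTE(review): assumes a UTF-8 page encoding -- confirm against the site charset.
		$usernameParam = htmlspecialchars(rawurlencode($username), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
		$appidParam = htmlspecialchars(rawurlencode($appid), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
		$appName = htmlspecialchars($row['AppName'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

		print '<form  action="index.php?action=users_access&amp;a=change_role&amp;Username=' . $usernameParam . '&amp;AppID=' . $appidParam . '" method="post" name="frmUserMinistries">
			<table style="border-spacing:0px;border:0px;padding:5px;width:80%;align:center;" align="center" border="0">
				<tr>
					<td colspan="3">
						<span class="TB1" style="font-size:14px;">' . $appName . '</span>
					</td>
				</tr>
				<tr>
					<td align="center">
						<span class="TB1">Assigned Roles</span>
					</td>
					<td>&nbsp;
					</td>
					<td align="center">
						<span class="TB1">Available Roles</span>
					</td>
				</tr>
				<tr>
					<td valign="middle" align="center">';
		// The helper returns a closed <select>, so no extra </select> is printed after it
		// (the original emitted a stray closing tag here).
		print GenerateAssignedRoles($appid,$username);
		print '</td>
					<td align="center">
						<table style="border-spacing:0px;border:0px;padding:5px;align:center;">
							<tr>
								<td><input type="submit" class="B" style="width:40px;background-color:#CCCCCC;" name="btnLeft" value="<<"></td>
							</tr>
							<tr>
								<td><input type="submit" class="B" style="width:40px;background-color:#CCCCCC;" name="btnRight" value=">>"></td>
							</tr>
							<tr>
								<td><input type="button" class="B" style="width:40px;background-color:#CCCCCC;" name="btnDone" value="Done" onClick="location.href=\'index.php?action=users\';"></td>
							</tr>
						</table>
					</td>
					<td valign="middle" align="center">';
		print GenerateNotAssignedRoles($appid,$username);
		print '</td>
				</tr>
			</table>
			</form>';
	}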
	
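	/**
	 * Build the "available roles" <select> for a user on an application.
	 *
	 * @param string $appid    Application whose roles are listed.
	 * @param string $username User whose already-assigned roles are excluded.
	 * @return string HTML <select name="NotAssignedRoles"> with one <option> per role the
	 *                user does not yet hold, the first pre-selected. An empty result yields
	 *                a <select> with no options (the original dereferenced a false row and
	 *                emitted a blank, pre-selected option).
	 */
	function GenerateNotAssignedRoles($appid,$username)
	{
		global $DB;
		$Options = '<select name="NotAssignedRoles" size="5" style="width:100px;">';

		// Roles of the application that have no matching access row for this user.
		// NOTE(review): $appid / $username come from the query string and are interpolated
		// unescaped; route them through the $DB wrapper's escaping / prepared statements.
		$sql = "select r.*
				  from roles as r
				  left join access as a on a.roleid = r.roleid 
				  and a.appid = r.appid 
				  and a.username = '{$username}'
				  where r.appid = '{$appid}' and a.appid is null";

		$DB->query($sql);

		// Mark only the first row selected; RoleID is escaped for attribute and text use.
		// NOTE(review): assumes a UTF-8 page encoding -- confirm against the site charset.
		$isFirst = true;
		while($row = $DB->fetch_row())
		{
			$roleId = htmlspecialchars($row['RoleID'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
			$Options .= '<option' . ($isFirst ? ' selected' : '') . ' value="' . $roleId . '">' . $roleId . '</option>';
			$isFirst = false;
		}

		$Options .= '</select>';
		return $Options;
	}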

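	/**
	 * Build the "assigned roles" <select> for a user on an application.
	 *
	 * @param string $appid    Application whose access rows are read.
	 * @param string $username User whose assigned roles are listed.
	 * @return string HTML <select name="AssignedRoles"> with one <option> per role the
	 *                user holds, the first pre-selected. An empty result yields a <select>
	 *                with no options (the original dereferenced a false row and emitted a
	 *                blank, pre-selected option).
	 */
	function GenerateAssignedRoles($appid,$username)
	{
		global $DB;
		$Options = '<select name="AssignedRoles" size="5" style="width:100px;">';

		// NOTE(review): $appid / $username come from the query string and are interpolated
		// unescaped; route them through the $DB wrapper's escaping / prepared statements.
		$sql = "select roleid from access 
					where appid = '{$appid}' 
					and username = '{$username}'";

		$DB->query($sql);

		// Mark only the first row selected; roleid is escaped for attribute and text use.
		// NOTE(review): assumes a UTF-8 page encoding -- confirm against the site charset.
		$isFirst = true;
		while($row = $DB->fetch_row())
		{
			$roleId = htmlspecialchars($row['roleid'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
			$Options .= '<option' . ($isFirst ? ' selected' : '') . ' value="' . $roleId . '">' . $roleId . '</option>';
			$isFirst = false;
		}

		$Options .= "</select>";
		return $Options;
	}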
	
?>
